Extra Credit

hello guys, I started this new service check note.txt file for a sanity check.

Author: xor and the half adder

My friend gave me some fancy text, but it was reversed, and so I tried to reverse it but I think I messed it up further. Can you find out what the text says?

Use flagCheck to input the flag you get from the challenge to get the actual flag

Author: HSN CS Club

One of these is not like the others.

Use flagCheck to input the flag you get from the challenge to get the actual flag

Author: JoshDaBosh

Decode using hex and see what you get...
6236343a20615735305a584a755a58526659323975646d567963326c76626c3930623239736331397962324e72

Use flagCheck to input the flag you get from the challenge to get the actual flag

If you need hint than cat /challenge/hint.txt

Author: angstromctf team

The amoeba is a fascinating creature.

Use flagCheck to input the flag you get from the challenge to get the actual flag

Author: angstromctf team

Encoding is not encryption, but what if I just encode the flag with base16,32,64? If I encode my precious flag for 150 times, surely no one will be able to decode it, right?

Use flagCheck to input the flag you get from the challenge to get the actual flag

Author: Sunggwan Choi

Jason made a new SuperSecure™ website, but lost his password. It's displayed on the admin page. Can you login?

Use flagCheck to input the flag you get from the challenge to get the actual flag

If you need hint than cat /challenge/hint.txt

Author: angstromctf team

I created a Web application in Flask, what could be wrong?

Author: belugagemink

I tried to make my own version of cookie clicker, without all of the extra fluff. Can you beat my highscore?

Only open the localhost application on the pwn.college desktop

Author: malfuncti0nal

What does asm1(0x1f3) return? Submit the flag as a hexadecimal value (starting with '0x'). NOTE: Your submission for this question will NOT be in the normal flag format.

Use flagCheck to input the flag you get from the challenge to get the actual flag

Author: Sanjay C

Reading assembly language is one of the core skills for reverse engineering. Test your abilities by tracing {{code.s,this code}} and seeing what %eax contains by the end! Enter the result as an unsigned decimal integer.

Use flagCheck to input the flag you get from the challenge to get the actual flag

If you need hint than cat /challenge/hint.txt

Author: angstromctf team

What will asm4("picoCTF_75806") return? Submit the flag as a hexadecimal value (starting with '0x'). NOTE: Your submission for this question will NOT be in the normal flag format.

Use flagCheck to input the flag you get from the challenge to get the actual flag

Author: Sanjay C

One of the commmon categories in CTFs is Reverse Engineering, which involves using a dissassembler and other tools to figure out how an executable file works. For your first real reversing challenge, here is an ELF file. Head over to /challenge on the shell server to try it out, and once you have the input right, get the flag!

Note: Use sudo to run the binary as:

/bin/sudo /challenge/binary_name

Author: SirIan

How well do you know assembly? Do you know of any tools that can help you? (Hint, they both start with the letter G)

Use flagCheck to input the flag you get from the challenge to get the actual flag

Author: BYU Cyberia

After two break-ins to his shell server, kmh got super paranoid about a third! He's so paranoid that he abandoned the traditional password storage method and came up with this monstrosity! I reckon he used the flag as the password, can you find it?

Use flagCheck to input the flag you get from the challenge to get the actual flag

Author: Aplet123

I found this program (source) that lets me add positive numbers to a variable, but it won't give me a flag unless that variable is negative! Can you help me out? Navigate to /challenge/accumulator64 on the shell server to try your exploit out!

Note: Please use accumulator64_patched for running the challenge and getting pwn.college flag. accumulator64 binary is original source and accumulator64_patched is made for it to work with pwn.college.

Author: SirIan

Baby friendly!

Author: JoshDaBosh

defund found out about this cool new dark web browser! While he was browsing the dark web he came across this service that sells rope chains on the black market, but they're super overpriced! He managed to get the source code. Can you get him a rope chain without paying?

Use the patched version to get the flag

Author: Aplet123

My friend was passing notes during class. Can you find them?

Use flagCheck to input the flag you get from the challenge to get the actual flag

Author: cavocado

:) Someone at a company was supposedly using an unsecured communication channel. A dump of company communications was created to find any sensitive info leaks. See if you can find anything suspicious or concerning.

Use flagCheck to input the flag you get from the challenge to get the actual flag

Author: Andrew Prajogi

Tisaia has sent disguised message out of Aretuza. Gerad who has been watching her for some time, has intercepted this communication. Can he understand the meaning of all this SOURCEry?

Use flagCheck to input the flag you get from the challenge to get the actual flag

Author: anderson101

We found these mysterious symbols hidden in ancient (1950s-era) ruins. We think a single byte may be key to unlocking the mystery. Can you help us figure out what they mean?

Use flagCheck to input the flag you get from the challenge to get the actual flag

Author: singerng

"We've been monitoring our adversaries' communication channels, but they encrypt their data with XOR one-time pads! However, we hear rumors that they're reusing the pads...\n\nEnclosed are three encrypted messages. Our mole overheard the plaintext of message 2. Given this information, can you break the enemy's encryption and get the plaintext of the other messages?"

Author: Pomona

Medium

Use flagCheck to input the flag you get from the challenge to get the actual flag

Author: BYU Cyberia